Test script for online edit of `.user.js` files.

index.php

<?
////////////////////////////////////////////////////////////
// This proof of concept script is FULL OF SECURITY ISSUES.
// Don't use it, don't install it, don't expose it anywhere.
////////////////////////////////////////////////////////////
// Context: https://github.com/greasemonkey/greasemonkey/issues/2280
////////////////////////////////////////////////////////////

if (isset($_POST['file'])) {
  $fp = fopen($_GET['file'], 'wb');
  fwrite($fp, $_POST['content']);
  fclose($fp);
  header('Location: ' . $_SERVER['SCRIPT_NAME']);
  exit;
} else if (isset($_GET['mode']) && 'install' == $_GET['mode']) {
  $fp = fopen($_GET['file'], 'rb');
  header('Content-type: text/plain');
  header('Content-length: ' . filesize($_GET['file']));
  fpassthru($fp);
  exit;
}
header('Content-type: text/html');
?>
<!DOCTYPE html>
<html>
<head>
<title>Script Editor</title>
</head>
<body>
<?
if (isset($_GET['file'])) {
  print "<form method='post' action='?save&file={$_GET['file']}'>";
  print "<input type='hidden' name='file' value='{$_GET['file']}'>";
  print "<textarea rows=20 cols=80 name='content'>";
  $fp = fopen($_GET['file'], 'rb');
  print htmlspecialchars(fread($fp, filesize($_GET['file'])), ENT_QUOTES);
  print "</textarea><br>";
  print "<input type='submit' value='Save'>";
  print "</form>";
  print "<hr>";
  print "<a href='?file={$_GET['file']}'>Edit</a> ";
  print "<a href='?mode=install&file={$_GET['file']}'>Install</a> ";
} else {
  print '<ul>';
  foreach (glob('*.user.js') as $filename) {
    print "<li>$filename ";
    print "<a href='?file=$filename'>Edit</a> ";
    print "<a href='?mode=install&file=$filename'>Install</a> ";
    print "</li>";
  }
  print "<li><form>New file: <input type='text' name='file'><input type='submit'></form</li>";
  print "</ul>";
}
?>
</body>
</html>